Shadow-IT threat bites as analysis finds 23% of shared cloud-app documents available to public

One in ten files shared within cloud applications is exposing sensitive or regulated data to potential compromise, according to an analysis of cloud file-sharing that placed the average potential losses from unmanaged 'shadow IT' at some $1.9m per organisation.

That figure was as high as $5.9m for education providers and $12m for healthcare providers, security provider Blue Coat Systems’ Elastica subsidiary calculated based on its analysis of some 63 million documents stored within cloud applications such as Microsoft Office 365, Google Drive, Salesforce.com, Box, and others.

Education and healthcare institutions were particularly exposed, the 2H 2015 Shadow Data Report found, due to “the large number of documents stored by educational organisations and the preponderance of PHI data in the healthcare industry.... Leakage of PHI documents is potentially more devastating than the leakage of PII or PCI data as it often includes a richer source of data that can be exploited for phishing and other social engineering attacks.”

Large healthcare organisations have suffered numerous breaches in recent years: healthcare provider Premera, for example, lost personal data on 11 million customers in an attack last year that was said to have been perpetrated by the same group that previously stole 78.8m records from healthcare giant Anthem and 21.5m records from the US Office of Personnel Management.

While those attacks were perpetrated by experienced hackers who had targeted their victim organisations, the figures – from Blue Coat's recently acquired Elastica Cloud Threat Labs team – highlight the additional risk from unmanaged employee use of cloud-based applications, which has increased from an average of 774 apps per organisation last year to 812 apps now.

As well as exposing organisations to direct security threats due to loss of control over their documents, cloud platforms tended to foster broad sharing of documents in ways for which they may not have been authorised.

Some 26 percent of documents stored in cloud apps are “broadly shared”, the analysis warned, noting that this sharing may variously make sensitive documents accessible to large numbers of employees as well as outside contractors, partners, and the Web at large. Some 23 percent of the documents analysed were shared publicly, allowing anybody with a link to access them.

Analysis of cloud-app usage suggested that many users are taking screenshots of sensitive data and sharing them far and wide – a conclusion reached by noting the “anomalous frequent previews” of documents in 3 percent of observed cases.

File sharing was fingered in 41 percent of cases where shadow-IT tools were threatening security, while email sending was noted in 18 percent and “frequent downloads” in 15 percent of cases.

The Blue Coat analysis also found that just 2 percent of cloud users were responsible for “all data exfiltration, data destruction, and cloud account takeover attempts detected” – showing the importance for organisations to be able to identify those users and remediate their security exposure.

Better staff training was identified as one of three key security tips for companies concerned about their shadow-IT exposure; the other two were in identifying risky apps – which allows CSOs to “make smart choices regarding which apps to sanction” – and in visualising data by drilling down into discovered documents to analyse them and the business risk that their sharing presents.

Tools for monitoring shadow IT usage often elude businesses – particularly smaller ones with limited resources. Aiming to resolve this, Elastica recently began offering its auditing tools to Telstra, which is rebundling the services for provision to its managed security services customers.

Latest Videos

Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.

With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.

According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.